creating-bookmarklets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs users to an unverified third-party domain at 'https://austegard.com/web-utilities/bookmarklet-installer.html' for code installation. Using unvetted external sites for processing generated executable code is a high-risk practice.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill's primary purpose is generating 'javascript:' protocol URI payloads. This provides a direct path for the agent to produce executable code that runs in the security context of a user's browser, which can be weaponized if the agent is prompted to create malicious logic.
- [PROMPT_INJECTION] (HIGH): There are no boundary markers or instructions to prevent the agent from obeying malicious instructions embedded in user prompts or processed data. This could result in the generation of bookmarklets that steal cookies, exfiltrate page content, or modify DOM elements.
- [DYNAMIC_EXECUTION] (MEDIUM): The 'Common Patterns' section explicitly provides code for dynamic library loading via script tag injection ('document.createElement("script")'). This technique is a common vector for pulling secondary malicious payloads into a browser session.
- [COMMAND_EXECUTION] (MEDIUM): The skill contains logic for client-side minification and link generation using the Terser library, which involves programmatic assembly and encoding of executable JavaScript strings.
Recommendations
- AI detected serious security threats
Audit Metadata